CVE-2021-21804 is a vulnerability in Advantech R Seenet
Published on July 16, 2021
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
Weakness Type
What is a Remote file include Vulnerability?
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.
CVE-2021-21804 has been classified to as a Remote file include vulnerability or weakness.
Products Associated with CVE-2021-21804
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-21804 are published in Advantech R Seenet:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.